Configure the Mosaic SSO Service to streamline login for users. Create and manage SSO clients groups to control your SSO login experience.
Creates a new SSO clients group.
Required permissions: sso-service:edit.
{
  "name": "My Clients Group",
  "description": "string",
  "configuration": {
    "journey": "string",
    "allowSilentLogin": true,
    "sessionTimeout": 0,
    "sessionTimeoutGranularity": "seconds"
  }
}
{- "result": {
- "app_id": "string",
- "tenant_id": "string",
- "app_name": "string",
- "app_description": "string",
- "client_type": "web",
- "logo": "string",
- "client_id": "string",
- "client_display_name": "string",
- "client_description": "string",
- "client_secret": "string",
- "redirect_uris": [
- "string"
], - "login_preferences": {
- "auth_methods": {
- "google": {
- "clientId": "string",
- "clientSecret": "string",
}, - "facebook": {
- "clientId": "string",
- "clientSecret": "string",
}, - "email": {
- "expiresIn": 0,
- "linksPerUser": 0,
- "message": {
- "primaryColor": "string",
- "from": "string",
- "subject": "string"
}
}, - "email_otp": {
- "expiresIn": 0,
- "lockoutDuration": 15,
- "maxFailures": 3,
- "codeLength": 6,
- "message": {
- "primaryColor": "string",
- "from": "string",
- "subject": "string"
}
}, - "apple": {
- "clientId": "string",
- "clientSecret": "string",
- "appleTeamId": "string",
- "keyId": "string"
}, - "sms": {
- "expiresIn": 0,
- "lockoutDuration": 15,
- "maxFailures": 3,
- "codeLength": 6
}, - "webauthn_api": {
- "rpId": "string",
- "rpOrigin": "string",
- "rpOrigins": [
- "string"
], - "replaceExistingPasskey": false,
- "maxFailures": 3,
- "lockoutDuration": 15,
- "failuresExpireIn": 15
}, - "line": {
- "clientId": "string",
- "clientSecret": "string",
}, - "password": {
- "resetValidityMinutes": 5,
- "passwordComplexity": 5,
- "passwordMinLength": 14,
- "blockPreviousPasswords": 0,
- "checkHibp": false,
- "checkDictionary": false,
- "passwordExpiresIn": 90,
- "ignoreExpiration": false,
- "maxPasswordFailures": 5,
- "passwordSuspensionDuration": 15,
- "failuresExpireIn": 15,
- "tempPasswordValidityHours": 24,
- "message": {
- "primaryColor": "string",
- "from": "string",
- "subject": "string"
}, - "requireMFA": false,
- "codeLength": 6,
- "notifyOnPasswordUpdate": false
}, - "totp": {
- "algorithm": "sha1",
- "digits": 6,
- "period": 30,
- "window": 2,
- "issuer": "My Company",
- "maxFailures": 3,
- "lockoutDuration": 15
}, - "push": {
- "apn": {
- "0": "string",
- "key": "string",
- "keyId": "string",
- "teamId": "string",
- "bundle": "string",
- "isProduction": true
}, - "fcm": {
- "key": { }
}
}, - "tiktok": {
- "clientId": "string",
- "clientSecret": "string",
}, - "pin_authenticator": {
- "maxFailures": 3,
- "lockoutDuration": 15,
- "failuresExpireIn": 15
}
}
}, - "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "updated_at": "2019-08-24T14:15:22Z",
- "resources": [
- "string"
], - "service_providers": [
- "string"
], - "authenticator_preferences": {
- "is_centralized": false,
}, - "allow_public_signup": true,
- "client_auth_method": "client_secret_basic",
- "pkce": "enforcePkceInsteadOfClientCredentials",
- "device_authorization": {
- "enabled": false,
}, - "password_sharing_group_id": "string",
- "invite_client_id": "string",
- "subdomain": "myapp",
- "invite_member_email_expiration_minutes": 2880,
- "custom_domain": {
- "domain": "myapp.com",
- "updated_at": "2019-08-24T14:15:22Z",
- "status": "pending",
- "error": "string"
}, - "external_communication": {
- "language": "en"
}, - "signing_key_enabled": true
}
}
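Retrieves a list of all clients groups. The response schema below includes each client's client_secret, so handle and log the response as sensitive data.
Required permissions: sso-service:read.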
{- "result": [
- {
- "id": "string",
- "name": "string",
- "description": "string",
- "configuration": {
- "journey": "string",
- "sessionTimeout": 0,
- "allowSilentLogin": true,
- "sessionTimeoutGranularity": "seconds"
}, - "clients": [
- {
- "client_id": "string",
- "client_secret": "string",
- "client_type": "web",
- "name": "string",
- "pkce": "enforcePkceInsteadOfClientCredentials",
- "description": "string",
- "resources": [
- "string"
], - "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "redirect_uris": [
- "string"
], - "authentication_protocol": "oidc",
- "is_third_party": true,
- "optional_acs_url": true,
- "sp_acs_url": "string",
- "sp_entity_id": "string",
- "metadata_url": "string",
- "sso_url": "string",
- "entity_id": "string",
- "x509_certificate": "string",
- "default_custom_claims": [
- "tid"
]
}
]
}
]
}
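Retrieves a clients group by its ID. The clients group ID is a unique identifier for a clients group. The response schema below includes each client's client_secret, so handle and log the response as sensitive data.
Required permissions: sso-service:read.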
SSO Service Not Found
{- "result": {
- "id": "string",
- "name": "string",
- "description": "string",
- "configuration": {
- "journey": "string",
- "sessionTimeout": 0,
- "allowSilentLogin": true,
- "sessionTimeoutGranularity": "seconds"
}, - "clients": [
- {
- "client_id": "string",
- "client_secret": "string",
- "client_type": "web",
- "name": "string",
- "pkce": "enforcePkceInsteadOfClientCredentials",
- "description": "string",
- "resources": [
- "string"
], - "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "redirect_uris": [
- "string"
], - "authentication_protocol": "oidc",
- "is_third_party": true,
- "optional_acs_url": true,
- "sp_acs_url": "string",
- "sp_entity_id": "string",
- "metadata_url": "string",
- "sso_url": "string",
- "entity_id": "string",
- "x509_certificate": "string",
- "default_custom_claims": [
- "tid"
]
}
]
}
}
Updates an existing clients group. The clients group ID is a unique identifier for a clients group.
Required permissions: sso-service:edit.
{
  "name": "My Clients Group",
  "description": "string",
  "configuration": {
    "journey": "string",
    "allowSilentLogin": true,
    "sessionTimeout": 0,
    "sessionTimeoutGranularity": "seconds"
  }
}
{ }
Creates a new client in the SSO clients group.
Required permissions: sso-service:edit.
name required | string Name of the client |
description | string Short description of the client |
resources | Array of strings List of resources IDs associated with this client |
authentication_protocol | string Default: "oidc" Authentication protocol used by the client |
client_group_id | string Id of client group to associate with |
default_custom_claims | Array of strings List of client default custom claims |
short_cookies_samesite_type | string Default: "lax" Short cookies samesite type. Possible values: "none", "lax", "strict". Default: "lax" |
redirect_uris required | Array of strings List of URIs approved for redirects for your client |
client_type | string Default: "web" Client type |
response_types | Array of strings Default: ["code","id_token"] Items Enum: "code" "id_token" |
token_endpoint_auth_method | string Deprecated Default: "client_secret_basic" This field is deprecated; to configure PKCE, use the "pkce" field instead |
device_authorization | object Configuration for an OAuth Device Authorization Flow |
object CIBA authorization flow configuration | |
pkce | string PKCE configuration |
supported_prompts | Array of strings Supported prompts for the OIDC authentication flow |
token_expiration | object Token expiration settings |
session_expiration | number Session expiration time (seconds) |
enforce_par | boolean Enforce PAR (Pushed Authorization Request) for this client |
role_ids | Array of strings Role IDs |
fapi_version_compliancy | boolean FAPI 2.0 compliancy configuration |
{- "name": "My Client",
- "description": "string",
- "resources": [
- "string"
], - "authentication_protocol": "oidc",
- "client_group_id": "string",
- "default_custom_claims": [
- "tid"
], - "short_cookies_samesite_type": "lax",
- "client_type": "web",
- "response_types": [
- "code"
], - "token_endpoint_auth_method": "client_secret_basic",
- "device_authorization": {
- "enabled": false,
}, - "pkce": "enforcePkceInsteadOfClientCredentials",
- "supported_prompts": [
- "login",
- "consent",
- "none"
], - "token_expiration": {
- "access_token_ttl": 0,
- "refresh_token_ttl": 0,
- "max_refresh_rotate": 0
}, - "session_expiration": 0,
- "enforce_par": true,
- "role_ids": [
- "string"
], - "fapi_version_compliancy": true
}
{- "result": {
- "client_id": "string",
- "client_secret": "string",
- "client_type": "web",
- "name": "string",
- "pkce": "enforcePkceInsteadOfClientCredentials",
- "description": "string",
- "resources": [
- "string"
], - "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "redirect_uris": [
- "string"
], - "authentication_protocol": "oidc",
- "is_third_party": true,
- "optional_acs_url": true,
- "sp_acs_url": "string",
- "sp_entity_id": "string",
- "metadata_url": "string",
- "sso_url": "string",
- "entity_id": "string",
- "x509_certificate": "string",
- "default_custom_claims": [
- "tid"
]
}
}
Updates a client within the SSO clients group, identified by its ID. Note: Object-valued fields cannot be partially updated; the value you send replaces the current object in full, so include every sub-field you want to keep.
Required permissions: sso-service:edit.
name | string Name of the client |
description | string Short description of the client |
resources | Array of strings List of resources IDs associated with this client |
client_group_id | string Id of client group to associate with |
default_custom_claims | Array of strings List of client default custom claims |
short_cookies_samesite_type | string Default: "lax" Short cookies samesite type. Possible values: "none", "lax", "strict". Default: "lax" |
redirect_uris | Array of strings List of URIs approved for redirects for your client |
client_type | string Default: "web" Client type |
response_types | Array of strings Default: ["code","id_token"] Items Enum: "code" "id_token" |
token_endpoint_auth_method | string Deprecated Default: "client_secret_basic" This field is deprecated; to configure PKCE, use the "pkce" field instead |
device_authorization | object Configuration for an OAuth Device Authorization Flow |
object CIBA authorization flow configuration | |
pkce | string PKCE configuration |
supported_prompts | Array of strings Supported prompts for the OIDC authentication flow |
token_expiration | object Token expiration settings |
session_expiration | number Session expiration time (seconds) |
enforce_par | boolean Enforce PAR (Pushed Authorization Request) for this client |
role_ids | Array of strings Role IDs |
fapi_version_compliancy | boolean FAPI 2.0 compliancy configuration |
{- "name": "My Client",
- "description": "string",
- "resources": [
- "string"
], - "client_group_id": "string",
- "default_custom_claims": [
- "tid"
], - "short_cookies_samesite_type": "lax",
- "client_type": "web",
- "response_types": [
- "code"
], - "token_endpoint_auth_method": "client_secret_basic",
- "device_authorization": {
- "enabled": false,
}, - "pkce": "enforcePkceInsteadOfClientCredentials",
- "supported_prompts": [
- "login",
- "consent",
- "none"
], - "token_expiration": {
- "access_token_ttl": 0,
- "refresh_token_ttl": 0,
- "max_refresh_rotate": 0
}, - "session_expiration": 0,
- "enforce_par": true,
- "role_ids": [
- "string"
], - "fapi_version_compliancy": true
}
{- "result": {
- "client_id": "string",
- "client_secret": "string",
- "client_type": "web",
- "name": "string",
- "pkce": "enforcePkceInsteadOfClientCredentials",
- "description": "string",
- "resources": [
- "string"
], - "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "redirect_uris": [
- "string"
], - "authentication_protocol": "oidc",
- "is_third_party": true,
- "optional_acs_url": true,
- "sp_acs_url": "string",
- "sp_entity_id": "string",
- "metadata_url": "string",
- "sso_url": "string",
- "entity_id": "string",
- "x509_certificate": "string",
- "default_custom_claims": [
- "tid"
]
}
}
Deletes a client and removes it from the SSO client group.
Required permissions: sso-service:edit, sso-service:delete.
{
  "message": "string",
  "error_code": 404
}